
Google paid a record reward for a vulnerability disclosure

A Chinese security expert has received $112,500 for a vulnerability in Android.

This week Google announced a reward payment to Guang Gong, a vulnerability researcher and employee of the Chinese company Qihoo 360 Technology. He submitted his report on the flaw in August 2017.

At last year's Pwn2Own competition, the Google Pixel was the only smartphone that contestants failed to crack. However, the Qihoo 360 team was able to identify a number of vulnerabilities which, when chained together, allow remote code execution on the Pixel and other Android devices.

The exploit developed by the researchers is based on two vulnerabilities. The first is a type confusion bug in the open-source V8 JavaScript engine. It can be used for remote code execution in the sandboxed Chrome renderer process. Google fixed the vulnerability in September last year with the release of Chrome 61. The second problem concerns Android's libgralloc module and can be used to escape the sandbox. This vulnerability was fixed in December 2017.

For the exploit chain, the team earned $105,000 under the Android Security Rewards (ASR) program and another $7,500 under the Chrome vulnerability reward program.

Google is working on securing Pixel phones in both hardware and software. The Pixel 2 and Pixel 2 XL are protected against unauthorized access in hardware. Google claims that it will be difficult for attackers to decrypt the data without knowing the password. But at Pwn2Own 2016, the prestigious annual hacking competition, Gong and his team managed to hack into a first-generation Pixel in 60 seconds. Qihoo 360 won a cash prize of $120,000 for their efforts. In total, its prize money at the competition came to $520,000 for breaking into several programs, including Adobe Flash.
